DNS Finder - Core Algorithm

Watcher.dns_finder.core.check_dnstwist(dns_monitored)

Runs dnstwist.

Parameters:

dns_monitored – DnsMonitored Object.

Returns:

Watcher.dns_finder.core.in_dns_monitored(domain)

Checks whether domain is a subdomain of one of the domains in the DnsMonitored list.

Parameters:

domain – Domain to search (Str).

Return type:

bool

Watcher.dns_finder.core.main_certificate_transparency()

Launch CertStream scan.

Watcher.dns_finder.core.main_dns_twist()

Launch dnstwist algorithm.

Watcher.dns_finder.core.print_callback(message, context)

Runs CertStream scan.

Parameters:
  • message – event from CertStream.

  • context – parameter from CertStream.
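The subdomain check and the CertStream callback described above can be combined as follows. This is an added example, not Watcher's own code: the function names, the MONITORED set and the sample event are hypothetical, and it assumes that a name equal to a monitored domain also counts as a match. The event layout (message_type, data.leaf_cert.all_domains) is the one CertStream delivers to its callback.

```python
# Added example: hypothetical helpers, not taken from Watcher.
MONITORED = {"example.com", "corp.example.org"}  # constructed sample list

def normalize(name):
    """Lower-case, drop a trailing dot and a leading wildcard label."""
    name = name.strip().lower().rstrip(".")
    if name.startswith("*."):
        name = name[2:]
    return name

def is_monitored_subdomain(domain, monitored=MONITORED):
    """True if domain equals a monitored domain or sits below it.

    Matching is done on whole DNS labels, so "evilexample.com" does not
    match "example.com" the way a plain endswith() test would.
    """
    labels = normalize(domain).split(".")
    # Try every suffix made of whole labels: a.b.example.com, b.example.com, ...
    return any(".".join(labels[i:]) in monitored for i in range(len(labels)))

def domains_from_event(message):
    """Extract the certificate's names from a CertStream event dict."""
    if message.get("message_type") != "certificate_update":
        return []  # e.g. heartbeat messages carry no certificate
    leaf = message.get("data", {}).get("leaf_cert", {})
    return leaf.get("all_domains") or []

def matching_domains(message, monitored=MONITORED):
    """Names in the event that fall under a monitored domain, de-duplicated."""
    seen, hits = set(), []
    for raw in domains_from_event(message):
        name = normalize(raw)
        if name not in seen and is_monitored_subdomain(name, monitored):
            seen.add(name)
            hits.append(name)
    return hits

# Constructed CertStream-style event (not captured data).
SAMPLE_EVENT = {
    "message_type": "certificate_update",
    "data": {"leaf_cert": {"all_domains": [
        "*.login.example.com", "LOGIN.example.com.", "evilexample.com",
        "example.com.attacker.test", "vpn.corp.example.org",
    ]}},
}

if __name__ == "__main__":
    print(matching_domains(SAMPLE_EVENT))
```
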

Watcher.dns_finder.core.send_dns_finder_notifications(alert)

Sends notifications to Slack, Citadel, TheHive or Email based on DNS Finder.

Parameters:

alert – Alert Object.

Watcher.dns_finder.core.send_dns_finder_notifications_group(dns_monitored, alerts_number, alerts)

Sends grouped notifications to Slack, Citadel, TheHive or Email based on dns_finder_group. If the application is TheHive, individual notifications are sent for each alert.

Parameters:
  • keyword – The keyword or term associated with the dns finder.

  • alerts_number – The total number of alerts in the group.

  • alerts – The list of individual alerts to be processed and sent to TheHive.

Watcher.dns_finder.core.start_scheduler()

Launches multiple scheduled tasks in the background:
  • Fire main_dns_twist from Monday to Sunday: every 2 hours.

  • Fire main_certificate_transparency from Monday to Sunday: every hour.